Vmware horizon radius integration with two factor authentication

-1 down vote  favorite
I have deployed vmware horizon view connection server (Evaluation/Trial version), i want to integrate it with two factor authentication server. But after configuring RADIUS parameters in admin portal of connection server, it’s not allowing me to save the settings. Please suggest.
I have attached the snap for your reference.

The SMTP server supports what is referred to as third party authentication. To take advantage of this you would need to provide all of the authentication code, however -- there's no way to do part of the authentication and then pass control back to the messaging server for the rest. So you'd need to do both password checks, one of which is presumably done via LDAP auth, yourself.
As far as LDAP proxy and RADIUS, we use a standard LDAP simple bind. The ODSEE LDAP proxy is often used in OCMS deployments, so that is a known good solution. We don't directly support RADIUS; the aforementioned third party authentication could be used to tie into such a system.
- Jeff

Similar Messages

  • Visual Studio 2013 Community Azure Login Not Working with Two-factor Authentication

    Has anybody had any problems logging in to Azure to publish when using Visual Studio 2013 Community and with two-factor authentication turned on?
    I couldn't log on until I turned off two-factor authentication.
    Regards

    Hello John,
    Thanks for posting here!
    You can try and set a credential helper like
    git-credential-winstore in order to cache your credentials. See if that helps.
    Couple of questions here:
    1) Are you using a MSA account by any chance?
    2) When you turn on two-factor authentication, do you get any error message?
    3) Did you try with different browsers?
    Looking forward to your response!
    Regards,
    Sadiqh

  • How to deploy connection (Mac OS X Yosemite to Windows RDS) through the RD Gateway with Two Factor authentication (Safenet OTP) on Session host?

    Good day!
    Could you please help me? How to deploy connection (Mac OS X Yosemite to Windows RDS) through the RD Gateway with Two Factor authentication on Session host? How to open an authentication dialog that is the same as in Windows when logging on to network resources
    in Windows (Windows Security)?
    Our test environment: We have one RDS 2012 R2 server (all roles in one) and one session host in collection. On the session host installed Safenet Network Logon and it under GPO which disable all authentication, only OTP.

    Hi Sir,
    It seems that you are going to integrate 3rd party product into AD for authentication .
    I would suggest you to contact the vendor of Safenet for this deployment  scenario  :
    http://www.safenet-inc.com/multi-factor-authentication/authentication-management/safenet-authentication-manager-express-samx/
    Best Regards,
    Elton Ji
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] .

  • I don't get SMS messages with the code from Apple with two factor authentication

    As soon as Apple enabled two factor authentication in Mexico, I activated the feature. For some time everything worked well. When iOS 8 was launched, I started updating my devices. I was able to update an iPad Air as well as my iPhone 5 (which is the device used for verification). However, when I tried to update my iPad mini, I couldn't. I stopped receiving SMS messages from Apple with the code for verification. Now I am stuck with an iPad mini that I cannot use with my Apple ID and I cannot use iCloud on my brand new iPhone 6 (anticipating the problem, I backed up my iPhone 5 with iTunes and I am up and running, but with no iTunes match and no iCloud backup).
    I have spent time on the phone with Apple support, who promised to return my call with a solution, but they never called back.
    Just a final note. I do not have the recovery key. I trusted Apple and never thought I would need it. The fact is I still think it is Apple's problem because the SMS messages should get to my phone, and they don't. I do not really care losing my iCloud Backups or my photos (I have them all backed up elsewhere) but I don't want to lose my e-mail address (a .mac domain) nor my purchases.

    I sent a message to that person. He replied, but I didn't get anything. To make it even more puzzling, I asked him to cc to my wife and she got his message. Then I asked her to forward it to me, and again I didn't get anything. Next, I  found an old message from that guy and forwarded it to myself. Same effect - the message disappears, although the "sent" folder has a copy!

  • Two Factor authentication support for VMWare View

    Happy to inform you that ArrayShield IDAS Two factor authentication solution has added support to VMWare View.  As other product vendors, the integration happens out of the box using RADIUS. Secure and almost nil downtime to add 2FA support to your VMWare View.
    ArrayShield IDAS 2FA solution is a patented, multi-award winning product that stands out from the other Two factor authentication product for its innovative solution on using a simple plastic card and pattern combination to derive One Time Secret Code. This gets rid of various dependencies like Hardware token, Smart Card or Mobile networks.  Kindly go through our product demo video to understand the product better.
    http://www.arrayshield.com/products/howitworks

    Finally, this is what I looking. Thanks for giving the link.

  • Sun VDI - Two Factor Authentication

    Dear Colleagues,
    The simple way to implement two factor authentication is by replacing the vdaclient.jar. We are working on RSA SecurID authentication with SSO support, by using the Windows password integration feature of RSA SecurID. The RSA Authentication Manager (version 6+) has a field for caching the Windows password, normally used by the Windows Authentication Agent (6.1+). These agent API methods are not available in the JAVA agent API nor the c API for Solaris, but we will work around this for our new RSA Authentication Agent for Sun VDI.
    If I understand the broker service correctly, this will not be a solution for direct RDP connections. Users can only be challenged with their AD username and password, the broker will test the credentials using Kerberos and if successful proxy a RDP connection on behalf of the client.
    Does anyone know a possible alternative? Does a roadmap exist for full two factor authentication support on the broker?
    Best Regards,
    Arno Staal
    Divider B.V.

    Hi
    Thanks for your response. I don't think I made myself clear. We run UAG 2010 and have not implemented Direct access. We now have many users wishing to access our internal resources. Our internal info security bods have demanded we provide a two factor authentication
    methodology. Direct access need at least Windows 7 enterprise on the client. We cannot afford the licencing. Nor can we currently afford windows 2012 cals. What I was after was a method of implementing two factor authentication on our current UAG
    portal. I have access to a radius server. I am not an expert on UAG the guy who was has left.
    Regards 

  • Apple ID - Two Factor Authentication (and why I stopped using it)

    The Apple devices I use every day consist of the following:
    2009 MacBook Pro 17" (home)
    iPhone 6 (home)
    2012 MacBook Pro Retina (work)
    My home devices are all logged in using my Apple ID as usual, and my work laptop uses a Apple ID specific to work, but with my personal Apple ID logged in for iMessage and FaceTime (pretty standard, I presume, for people with full-time work laptops they can bring home, etc.). Now, since I have multiple devices which are constantly syncing everything back and forth, whether it be something as simple as my contacts or as delicate and near and dear to my heart as my photo collection, I felt that maybe I should use two factor authentication for my home Apple ID, just to be on the safe side. I recognize that the two factor authentication only protects iMessage and FaceTime currently, but I implemented it with hopes that someday they will incorporate everything about iCloud and other services synced between Apple devices that you would assume should be covered by a two factor authentication update/overhaul.
    I liked this idea very much, as I use two factor for almost everything I can, but things started to fall apart one day when I had to switch to a temporary work laptop and decided to log in to iMessage with a new app specific password, as you would need to on a new device (unless you wrote down the original iMessage password, which is a terrible thing to do). When I went to create my new iMessage password for work laptop B, I decided to revoke work laptop A's iMessage password while it went in for repairs. This wasn't so bad until something seemed funny about my phone, as it was asking for me to log into iMessage again. Now, I had created a separate password for work laptop A's iMessage when I first logged in a while back, as well as a separate password for the temporary work laptop B so it didn't interfere with my other generated passwords. Apparently this didn't matter.
    I continued and created a new app password for my phone, but when I got home, wouldn't you know it, I had to log into iMessage on my home laptop again as well. I had to create a new password for that, which seemed to work for a while, but then I was prompted to enter my iMessage password on my phone again once I revoked my home laptop's iMessage password. Not following? No, me either. It seemed to me that creating separate app specific passwords for me to use across my devices didn't stay as separate as I thought they should, but instead they somehow seemed to be dependent on one another. Since I had a frustrating time trying to activate iMessage again on my iPhone and laptops on multiple occasions while this was happening, I decided to disable two factor authentication altogether.
    I suppose I should ask a question here, so here goes: has anyone else encountered this horrific two factor authentication/app specific password management issue for their own account? Have you been able to resolve it, and if so, any helpful suggestions? Thanks!

    I had also thought that initially, but after turning it on, I went to sign into iMessage with my Apple ID and regular Apple ID password, but it prompted me to create an app specific password to sign in since I had two factor authentication on, as it wouldn't let me use my regular Apple ID password to log in (which I could use to log in for everything else but iMessage and FaceTime). It was nice since I was prompted to provide a code sent to an Apple device of my choosing when signing into the Apple ID management site or iCloud.com, but forcing me to create app specific passwords for iMessage and FaceTime is kind of ridiculous and frustrating. Maybe there's a way to have two factor authentication without the need for app specific passwords? Or if not, then perhaps that would be a great option to present users when turning that feature on.

  • Two Factor Authentication on Windows Server 2008 R2

    We have a small 2008 R2 Active Directory environment with 2 domain controllers and 13 member servers. We have no additional features such as an RDP gateway or Federation Services - just a plain AD setup. We now have a requirement from our client to have
    a two factor authentication solution for each time we logon to any server, either using RDP or locally. We only have 4 admins that ever logon to these servers - we do not have any "regular" users.
    Is there anything out there that would work in this environment without having to modify our AD (at least nothing major)?
    Thanks

    Hi,
    You may consider smart card:
    Smart Card Overview
    http://technet.microsoft.com/en-us/library/hh831433.aspx
    Understanding Requirements for Connecting to a Remote Desktop Gateway Server
    http://technet.microsoft.com/en-us/library/cc770519.aspx
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • What is the best practices to apply two factor authentication on on-premise Exchange 2013 Environment ?

    Hi, Everyone
    i want to know what is the requirements to apply two factor authentication in Exchange 2013, Through Mobile or SMS.
    what is the third party solutions of Microsoft solutions

    Hi,
    If we can deploy Active Directory Federation Services (AD FS) 2.0, it means that Outlook Web App and EAC in Exchange 2013 SP1 can support multifactor authentication methods, such as certificate-based authentication, authentication or security tokens, and
    fingerprint authentication.
    Additional, we can use TMG or Microsoft UAG to deploy MFA, please refer to:
    https://social.technet.microsoft.com/Forums/exchange/en-US/f355ffbd-7d03-45d8-b4b1-987b2db5eadf/is-there-a-way-to-do-two-factor-authentication-with-outlook-web-app-2010?forum=exchangesvrgenerallegacy
    Best Regards,
    Allen Wang

  • Network Policy Server Two-factor authentication OTP

    Hello,
    I don't have much knowledge about the Network Policy Server so before digging into this; I would like to know if it offers two-factor authentication. If so, what are the possibilites? I'm looking for a validation based on a one-time password OTP (hardware/software
    token or sms) and  the Active Directory user/pwd.
    Is there anything builtin in the Network Policy Server offering this?
    Thank you!

    Hi,
    NPS supports smart card.
    Two-factor authentication provides improved security because it requires the user to meet two authentication criteria: a user name/password combination and a token or certificate.
    A typical example of two-factor authentication with a certificate is the use of a smart card.
    To use smart cards for remote access authentication, we may do the following:
    Configure remote access on the remote access server.
    Install a computer certificate on the remote access server computer.
    Configure the Smart card or other certificate (TLS) EAP type in remote access policies.
    Enable smart card authentication on the dial-up or VPN connection on the remote access client.
    For detailed information, please refer to the link below,
    Using smart cards for remote access
    http://technet.microsoft.com/en-us/library/cc783310(v=WS.10).aspx
    Best Regards.
    Steven Lee
    TechNet Community Support

  • Two factor authentication for iCloud?

    Hello,
    I have two factor authentication (aka two step verification) setup for my AppleID - when I login to appleid.apple.com it sends a code to my phone.  So that part works great.  However, when I login to www.icloud.com it doesn't send a code to my phone.  Securing iCloud.com with two factor is very important as iCloud contains a lot of your data (email, contacts, etc.).
    I'm wondering if it's not working for me because two factor for iCloud.com hasn't been fully rolled out yet - or maybe it is still in beta?
    This article indicates that Apple was testing two factor for iCloud.com as recently as June, 2014:
    http://appleinsider.com/articles/14/06/30/apple-testing-two-step-verification-fo r-icloudcom
    So my question is, does anyone know when two-factor authentication will be fully rolled out and working for iCloud.com?
    Thanks!

    After reading a few articles on this subject, Apple is still working on enabling two-factor authentication for iCloud.  At best, they are currently "rolling it out", a process that can take several months due to the millions of users, I guess.  At worst, it's still in beta and they are still testing and working on it... which means it could be next year before it's fully deployed.  I haven't found any articles or news with a firm date.  I'm just glad they are working on it as it's very important.  In the meantime, they have implemented email notifications when you login to your iCloud account.  I tested this and only received one notification (for multiple logins over several days from several different computers) so I'm not sure how well the notifications are really working - but I think the notifications are just a workaround until they get two-factor fully deployed for iCloud.
    Does anyone else have more info on this?

  • If I have two factor authentication on my iPhone can someone read my iMessages on their iOS device?

    If I have two factor authentication on my iPhone can someone read my iMessages on their iOS device?

    As you probably know iOS devices can only be physically synced to one computer at a time. If you mean will iTunes Match keep all your "devices" up to date with all our music then, yes, that is what the service is designed to do.

  • Two factor authentication. How secure will be this setup?

    I want to be able to have a passphrase + keyfile (on a usb stick) combination. So whoever is going to unlock the system has to HAVE something AND KNOW something to get access. Of course, this way, if the stick is lost, then the disk can't be decrypted. That's why there has to be a back-up usb stick. But if you merely duplicate the same key stored on stick (1) to stick (2), then whoever finds/steals stick (1) now knows your current keyfile. I want to make it so that loosing a usb stick will not weaken the security in any way, by making so that the keyfile stored on that usb stick can be easily made useless. So my plan is to do the following:
    HDD
        partition 1 | Contains encrypted keyfiles `Ke1`, `Ke2`
        partition 2 | Luks device, encrypted using the key `Ka`
    Usb Stick 1
        boot
        keyfile K1
    Usb Stick 2 (backup)
        boot
        keyfile K2
    where
    passphrase is `P`
    `Ke1`          is  `Ka` encrypted using K1 and P
    `Ke2`          is  `Ka` encrypted using K2 and P
    K1 and K2 are different. Both are randomly generated keyfiles.
    During the boot the following happens:
    1) It boots from the usb stick (1)
    2) It asks for a passphrase `P` in initrd. User types the passhprase.
    3) It read keyfile `K1` from the USB stick (1)
    3) It decrypts `Ke1` (which is encrypted using AES-256). It first decrypts it using `P`, then it decrypts it using K1. In the end you get the original `Ka`.
    4) It uses `Ka` to unlock the luks device on partition 2 and then runs the system from there. Of course, Ka is only in memory.
    If stick (1) is lost:
    Then you can nuke (e.g. using shred) `Ke1` and now the K1 which is on that stick (1) is useless. But you can now use stick (2) instead since there is another version of encrypted `Ka` stored (`Ke2`).
    If HDD is lost:
    Although the keyfile (`Ka`) that decrypts the luks partition is stored on the drive itself, nobody can use that keyfile, because it's encrypted. I.e. they will only find `Ke1` and `Ke2` there, which will be useless without a usb stick and a passphrase.
    Basic evil maid attacks (like infecting the MBR, which is what e.g. FinFisher does) should be impossible with this, because it boots from a flash that you carry with yourself.
    Any comments?
    P.S.
    The real system will look like this:
    HDD
        partition 1 | encrypted keyfiles
        partition 2 | luks device with LVM
            LVM swap
            LVM cryptdevice
                btrfs
                       /current-homeroot
                           /home
                           /root
                       /snapshot1
                           /home
                           /root
                       /snapshopt2 and etc
    USB Stick
        /boot
        Keyfile 1
    Then one can do incremental snapshots of the system.

    I use the Google Authenticator app on my phone as two-factor authentication when SSH'ing to my VPS.
    https://wiki.archlinux.org/index.php/Go … henticator
    You get emergency codes to write down so you don't need a backup device.
    I've not looked into whether or not you can use it to unlock a LUKS setup, but it's a PAM module so it might not be that difficult. It's worth searching for as an alternative to USB sticks.
    Last edited by slithery (2015-01-10 20:21:13)

  • I am trying to set up two-factor authentication but none of my devices appear listed.

    I am trying to set up two-factor authentication but none of my devices appear listed. I am only given an option to add an SMS-enabled device. When I do this, I receive an SMS with a code, but have no way to continue in the browser. I have enabled find my iPhone on at least one device, and can see all my devices in the find-my-iPhone app. Am I missing something?

    As a check, this page walks you through the process:
    http://technofyi.com/2013/03/21/how-to-enable-apples-two-step-verification-featu re/
    His step 6 shows the 'Step 1 of 4' page where you should click 'Add an SMS-capable phone number'.
    His step 7 shows the 'Add a phone number' window where you can enter the phone number and click 'Next'. The phone should then receive the code by SMS.
    His step 8 shows the 'Verify Device' window which should appear automatically in which you can enter the code.
    Are you not seeing the window in step 8? if this is not popping up automatically then something is going wrong: you could try clearing your browser's cache and trying again. If it still won't work you may have to contact Support: Go to https://getsupport.apple.com ; click 'See all products and services', then ' 'iTunes', and then 'iTunes Store', then 'Account Management' then 'Apple ID account security' - this seems to be the nearest relevant option.

  • Two-factor Authentication in Norway

    I can't find the setting for enabling two-factor authentication. I live in Norway, and Norway was recently added to the list of countries supporting two-factor authentication. I have followed the instructions, but it seems the option is not there yet...

    Hello there, bthusby.
    How excellent that you now have the added security of two-step verification in Norway. The following Knowledge Base articles provide some great getting started steps and answers to frequently asked questions about it:
    Apple ID: About two-step verification and SMS
    http://support.apple.com/kb/HT5593
    To get started:
         Adding or removing SMS numbers
    Add or remove an SMS-capable number from your account:
    Go to My Apple ID.
    Select Manage your Apple ID and sign in.
    Select Password and Security.
    In the Trusted Devices section, select Manage.
    To add a number, select Add an SMS-capable phone number.
    To remove a number, select Remove next to the verified phone number associated with your Apple ID.
    Additionally the Frequently Asked Questions article provides a great overview of the feature as well:
    Frequently asked questions about two-step verification for Apple ID
    http://support.apple.com/kb/ht5570
    Thanks for reaching out to Apple Support Communities.
    Cheers,
    Pedro.

Maybe you are looking for